North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Reverse DNS and SMTP

  • From: Nicole Harrington
  • Date: Thu Feb 28 19:21:51 2002

 Does anyone know of a program that can flag such things and alter mail headers
on the fly like this?


On 28-Feb-02 Unnamed Administration sources reported Jared Mauch said :
> On Thu, Feb 28, 2002 at 01:35:09PM -0700, Daniel Lark wrote:
>> You are most correct, it is definitely a double edged sword. Let's say
>> you try to reverse DNS on an address who's nameserver is down or
>> otherwise unreachable, what then? Some admins I know deliberately do run
>> reverse DNS as they view it as system cracker tool, or they feel it is
>> an unwarranted load, RFCs be damned. Is this admin decision the fault of
>> the user?
>       Use a non clueless isp.  the market is fairly saturated in
> most places with service providers.
>> You are not first one to try this. I have tried this myself and a
>> financial type didn't get an important email because of it. You know the
>> rest of the story.
>       What I do is format my smtp headers such that a very simple
> regex can find mail with no reverse dns and dump it in a spam folder.
> I find this catches a lot of the messages.
>       I try and let people know but for example, I am unable to
> find anyone at American Express or NWA that can fix their dns.
> (others are prompt in fixing their dns problems).
>> A better solution is to check the ip and see if it is an MX record for
>> the domain the mail purports to be from.
>       This has a number of flaws.  I won't delve into them though.
>> Just my opinion, and I could wrong.
>       - Jared
>> -dan
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On Behalf Of
>> Patrick Muldoon
>> Sent: Thursday, February 28, 2002 1:15 PM
>> To: [email protected]
>> Subject: Reverse DNS and SMTP
>>      We have recently implemented a policy on our mail servers of not
>> accepting mail from hosts that do not correctly resolve via reverse DNS.
>> While we on the technical side love the idea, there have been some
>> questions from the business side of the house.  
>>      If an ISP who doesn't have reverse DNS setup correctly on their
>> mail servers, we point them to the RFC's and generally offer to help
>> them correct it.  
>>      We have noticed that our spam has reduced drastically, and the
>> complaints are few, but alas this is a double edged sword, where if you
>> even block 1 legitimate e-mail out of the 100K+ that we receive daily,
>> someone is going to complain.   
>> Just curious if anybody here is doing the same and the response that
>> they have had from doing so.  Replies off list are fine and I will
>> summarize if people are interested.  
>> Thanks, 
>> Patrick
>> --
>> Patrick Muldoon, Network/Software Engineer
>> [email protected]
>> Press Ctrl-Alt-Del now for IQ test.
> -- 
> Jared Mauch  | pgp key available via finger from [email protected]
> clue++;      |  My statements are only mine.

                     |\ __ /|     (`\            
                     | o_o  |__  ) )           
                    //      \\                 
 Daemon Technologies(tm)  |  Phone: 510.895.9667
 [email protected]    |  
            -  Powered by FreeBSD  -
     Email, DNS, SiteHosting, FTP Services,
  Dedicated Servers,  Co-Location, and a Lot More
 " Daemons" will now be known as "spiritual guides"
-Politically Correct UNIX Page